AKS™ – Feel The Change!

    A bug discovered earlier this week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly by S.Berry on milw0rm. Just after three days worth of testing later, Mozilla has pushed out Firefox 3.5.1, with a fix for this error as well as corrections for several other bugs.

    “ Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.”

    The vulnerability was introduced in TraceMonkey, the JavaScript engine used in Firefox 3.5 that actually offers a decent speed boost to the browser. Oddly enough, TraceMonkey was already set to be patched this month by Mozilla, as bugs in the newest engine were listed in a July 1 meeting as the sole topcrash issue for Firefox 3.5. In other words, while vulnerabilities like this are horrible, this one came at a perfect time as developers were already giving TraceMonkey a thorough cleaning.

Features:-

• Super Speed new
  View Web pages way faster, using less of your computer’s memory.
• Anti-Phishing & Anti-Malware improved
  Enjoy the most advanced protection against online bad guys.
• Session Restore improved
  Unexpected shutdown? Go back to exactly where you left off.
• One-Click Bookmarking
  Bookmark, search and organize Web sites quickly and easily.
• Easy Customization improved
  Thousands of add-ons give you the freedom to make your browser your own.
• Tabs improved
  Do more at once with tabs you can organize with the drag of a mouse.
• Instant Web Site ID
  Avoid online scams, unsafe transactions and forgeries with simple site identity.

      I strongly recommend that all firefox 3.5 users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. You can download Firefox 3.5.1 from official Mozilla site.

Download Firefox 3.5.1

         If you want to upgrade your Firefox to the latest 3.5 then think again.

     SBerry released code on Milw0rm, has issued an advisory warning of a memory corruption error in Mozilla’s newest version of Firefox, version 3.5. The vulnerability, if exploited, allows code execution that could lead to system compromise.

       The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Here is SBerry Posted code.

     Secunia is offering advice to Firefox users that until this newest vulnerability is patched, they should avoid untrusted websites and links. However, Brian Krebs took the smart road in his advice on the issue. Krebs, who is a reporter for the Washington Post, advised his users to disable "javascript.options.jit.content" in about:config. This fix has a drawback however, it will lower the rendering speeds of JavaScript, which is one of the major performance improvements in Firefox 3.5. If you are willing to take the trade, then his fix should work fine.

DNS INFORMATION LEAK

     There is another little glitch in firefox that exposes DNS information for users wanting to remain anonymous using proxy settings.

    Tw1zl3r reports that, “The DNS Leak issue in FireFox 3.5 is a BIG BUG because even if you use the about:Config force remote DNS look ups using a proxy the requests are still sent to your local DNS. The local DNS query leaks your web searches out for anyone with a brain cell and WireShark to view a users web query’s in plain text. FireFox 3.5 has the toggle network.proxy.socks_remote_dns option in it but when adding the option in about:Config it does nothing and is all show no go. The setting does nothing and allows DNS to Leak.”

      However, some users who tested his point wonder if the DNS leak has more to do with an add-on than Firefox itself. However, if it is a Mozilla issue, then it would need to be addressed as soon as possible.

[Source]

        The day before yesterday, I started Internet Security Test Series(ISTS). In ISTS-I we tested our firewall. Now  in continuation with ISTS, today we test Browser Security.

        According to Wikipedia “A Web browser is a software application which enables a user to display and interact with text, images, videos, music, games and other information typically located on a Web page at a Web site on the World Wide Web or a local area network.”

       Basically it is an interface to interact with the content of internet through web pages. Regular net users visit so many sites, through search engines or they know web address and many other ways. But some of the websites contains, malicious codes, harmful scripts or ActiveX content which they run on your browser that can steal personal information or gain unauthorized access, so on…

       To prevent that you need a good and secure browser. How do you know whether it is secure or not?…the answer is by testing it.

      Now, you eagerly want to test your browser, isn’t it?

If yes, then without wasting more time here we go….

      Visit http://bcheck.scanit.be/bcheck/

Here you have 3 options

1. Only test for bugs specific to my type of browser
2. Run all available tests
3. Choose individual tests

       You can choose anyone of them, if you ask me then according to me, any one of  (“Only test for bugs specific to my type of browser” or ”Run all available tests”)them do the job. If you still confuse then go for 1 test and click Start the test.

    After testing for a minute or two it will display you browser result.

      I have tested it in Internet Explorer 8, Chrome 1.0.154.53, Mozilla v3.0.8.They passed all test.

Here are some of Screenshots..

       If you test on any other browser with other than above three then do update us by commenting.

      If you are satisfied with the above site test then you can test it through Jason’s Toolbox .

      Go to this page http://www.jasons-toolbox.com/BrowserSecurity/  this site basically test your Browser for java script, cookies and ActiveX content. If your test fails it shows how to correct it. You can passed this java script test by disabling java script in your browser but this is not a good solution, you need java script for displaying some of pages. Before changing browser configuration by seeing the results you should be aware of what you are doing.

        I’ll recommend this site only for average users or above. 

      Now, if you have tested it then show us how safe you are on net by displaying test results and don’t forget to mention browser name and version.

      Enjoy !

      Now you can customize firefox web browser with AnyColor. AnyColor is an extension (add-on) for Firefox 3 and above that changes the browser looks without installing separate theme

            The major benefits of the Any Color add-on besides the fact that the interface changes can be applied without restarting the web browser are the selection and preview of color themes as well as background images for the top and bottom of the web browser. Advanced users can also run so called appearance scripts that can change the web browser’s appearance dynamically.

Features:

• Choose your own colors and preview them immediately.
• Select background images for the top and bottom part of the browser’s main window.
• Choose one of the built-in appearance presets or create your own.
• Create “appearance scripts” and change the browser’s appearance using dynamically generated content. ..

    Now you definitely want to play with firefox look. isn’t it?

   If you enjoyed this post, then make sure you subscribe to my feeds.:)

   AnyColor Add-on